now tagging usefull log data using grok filter. if you want to add a new nginx instance: copy the conf from nginx and keep the type for both access and error.
